Page MenuHomeFreeBSD

ip_forward: store temporary mbuf on stack
Needs ReviewPublic

Authored by wma on Nov 5 2021, 9:40 AM.

Details

Reviewers
ae
mw
mindal_semihalf.com
tuexen
Group Reviewers
transport
Summary

Store mbuf header and predefined amount of additional data
on the stack.
Using uma-based allocations may lead to performance degradation (this can be seen on armv7 especially where uma* calls are somehow less efficient).
Provide fully-fledged mbuf only if necessary, i.e. on error case.

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

wma requested review of this revision.Nov 5 2021, 9:40 AM

Any comments about this change?

Have you considering using fast forwarding? The reason the feature exists is exactly to optimize this problem (and some others). It would allocate mcopy only in a case when receive interface == forward interface, which is not so common when you normally do forwarding.

ip_fastfwd.c was added as experimental feature, and it seems to me it was staying non-default for too long. So maybe better switch over to it, and remove current ip_forward()?

sys/netinet/ip_input.c
151

What is the relation between the new net.inet.ip.icmperrlen and the already existing net.inet.icmp.quotelen?

AFAIK ip_fastfwd doesn't work on interfaces with IPSEC enabled.

        if (V_ipforwarding != 0 
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
            && (!IPSEC_ENABLED(ipv4) ||
            IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0)
#endif
            ) {  
                if ((m = ip_tryforward(m)) == NULL)
                        return;
                if (m->m_flags & M_FASTFWD_OURS) {
                        m->m_flags &= ~M_FASTFWD_OURS;
                        ip = mtod(m, struct ip *);
                        goto ours;
                }    
        }

Are there any objections for this patch (+ all mentioned fixes)?

sys/netinet/ip_input.c
151

Ah, yes, I forgot about that knob. I will use quotelen instead as not to duplicate existing sysctls.

sys/netinet/ip_input.c
128

RFC_ICMP_ERROR_MIN_LEN is 8 bytes while RFC792's description of the Destination Unreachable Message tell it should be Internet Header + 64 bits of Data Datagram, i.e., 20+8 bytes.